Filtered by vendor Redhat
Subscribe
Total
5734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5086 | 4 Apple, Google, Microsoft and 1 more | 6 Macos, Chrome, Windows and 3 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||||
| CVE-2017-3258 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2017-15114 | 1 Redhat | 1 Openstack Platform | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | |||||
| CVE-2017-7552 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation. | |||||
| CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||||
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-20 | 6.1 MEDIUM | 7.4 HIGH |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | |||||
| CVE-2017-3651 | 4 Debian, Mariadb, Oracle and 1 more | 10 Debian Linux, Mariadb, Mysql and 7 more | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2017-5078 | 5 Apple, Google, Linux and 2 more | 7 Macos, Chrome, Linux Kernel and 4 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. | |||||
| CVE-2017-3453 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-12896 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | |||||
| CVE-2017-5109 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | |||||
| CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2017-3265 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2025-04-20 | 4.9 MEDIUM | 5.6 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). | |||||
| CVE-2017-15116 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2014-8170 | 2 Ovirt, Redhat | 2 Ovirt-node, Enterprise Virtualization | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | |||||
| CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||||
| CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2014-0143 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. | |||||